April 26, 2017 Chicago | July 11, 2017 Boston | Nov. 9, 2017 San Francisco | The Women Adviser Summit is uniquely designed for the sophisticated female adviser who wants to take her personal and professional self to the next level.

10 ways advisers can improve their cybersecurity

2. Know your policies and procedures

+ Zoom

In its April 15 risk alert, the SEC asked advisory firms to provide the month and year in which cybersecurity action was last taken, the frequency with which such practices are conducted and the group with responsibility for conducting the practice. Further, the SEC wants firms to provide a copy of relevant policies and procedures.

The point of all these policies and procedures, said Daniel Bernstein, chief knowledge officer at MarketCounsel, is to mitigate exposure to cybersecurity risks. For example, he said, advisory firms often fail to train staff routinely and consistently about putting a data protection plan into place. That plan should require portable storage devices to be encrypted. An obstacle: employees who walk out of the office door with unencrypted flash drives and mobile phones that can be lost or stolen.

It’s often there in the policies and procedures manual, but, ‘Hey, we’re dealing with everyday business life, and we just didn’t get around to that,’” Mr. Bernstein said. “One of the best solutions is you just don’t let people take that data away on their mobile devices. Do they really need a customer’s Social Security number on their flash drive?”